25 matches found
Vikunja: Webhook BasicAuth Credentials Exposed to Read-Only Project Collaborators via API
Summary: The GET /api/v1/projects/:project/webhooks endpoint returns webhook BasicAuth credentials (basicauthuser and basicauthpassword) in plaintext to any user with read access to the project. While the existing code correctly masks the HMAC secret field, the BasicAuth fields added in a later...
EUVD-2023-1276
Malicious code in bioql PyPI...
EUVD-2023-1623
Malicious code in bioql PyPI...
EUVD-2023-2191
Malicious code in bioql PyPI...
CVE-2025-53650
Jenkins Credentials Binding Plugin 687.v619cb15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log...
CVE-2023-41934
Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked...
CVE-2023-30514
Jenkins Azure Key Vault Plugin 187.vacd5fecd198a and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled...
CVE-2023-30515
Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled...
CVE-2022-46685
In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log...
Token Disclosure
github.com/fluxcd/source-controller is vulnerable to Token Disclosure through logs. The vulnerability is due to improper credential masking in error statements when the source-controller encounters an error when connecting to Azure Blob Storage, resulting in the Azure SAS token being logged along...
jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin
A flaw was found in the Config File Provider Jenkins Plugin. Affected versions of this plugin do not mask (replace with asterisks) credentials specified in configuration files when they're written to the build log...
Important: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.14. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Jenkins Config File Provider Plugin improper credential masking vulnerability
Jenkins Config File Provider Plugin 952.va544a6234b46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they’re written to the build log. Config File Provider Plugin 953.v0432a802e4d2 masks credentials configured in configuration files if the...
GHSA-PV2G-VM98-VJXF Jenkins Config File Provider Plugin improper credential masking vulnerability
Jenkins Config File Provider Plugin 952.va544a6234b46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they’re written to the build log. Config File Provider Plugin 953.v0432a802e4d2 masks credentials configured in configuration files if the...
Jenkins HashiCorp Vault Plugin has improper masking of credentials
Jenkins HashiCorp Vault Plugin 360.v0a1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials printed in the build log from Pipeline steps like sh and bat, when both of the following conditions are met: - The credentials are printed in build steps executing on an...
GHSA-GMXM-PR58-V5JC Jenkins Azure Key Vault Plugin does not properly mask credentials
Multiple Jenkins plugins do not properly mask (i.e., replace with asterisks) credentials printed in the build log from Pipeline steps like sh and bat, when both of the following conditions are met: - The credentials are printed in build steps executing on an agent (typically inside a node block). -...
Jenkins Gitea Plugin security vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
Improper masking of credentials in Jenkins Git Plugin
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (gitUsernamePassword) credentials binding...